# Pre-Release Notes - November 2025
source: https://developer.mastercard.com/mdes-digital-enablement/documentation/release-notes/pre-release-notes-nov-2025/index.md

The Tokenize API request has been enhanced to support providing cardholder consent and authentication indicators for tokenizing cards issued in India. This enhancement aligns with the regulatory guidelines issued by the Reserve Bank of India (RBI) for cards issued in India.

As part of this update, merchants are now required to provide cardholder's consent to Mastercard at the time of initiating tokenization for a card on file tokenization using an Indian-Issued card. Merchants are also required to confirm that the cardholder authentication was performed successfully before submitting the Tokenize API request.

## Release Dates {#release-dates}

* MTF: 10th Sept 2025
* Production: Phased roll out plan.
  * Phase 1: 31st October 2025 (Providing cardholder consent and authentication indicators to Mastercard is optional until Phase 2)
  * Phase 2: 31st March 2026 (Providing cardholder consent and authentication indicators to Mastercard is mandatory from this date)

### Change - Record Cardholder Consent {#change---record-cardholder-consent}

From 1st April 2026, Token requestors must provide specific cardholder consent and authentication data in the Tokenize API requests when tokenizing cards issued in India. The new object called `cardHolderConsentAndAuthenticationData` contains six new fields:

|            New Field Name            |                                     Description                                     |
|--------------------------------------|-------------------------------------------------------------------------------------|
| `cardHolderConsentCapturedFlag`      | Flag to indicate if the cardholder consent was captured.                            |
| `cardHolderConsentCapturedTimestamp` | The date and time when the consent was captured.                                    |
| `authenticationPerformedFlag`        | Flag to indicate if the cardholder authentication was performed.                    |
| `authenticationPerformedTimestamp`   | The date/time when the cardholder authentication was performed.                     |
| `authenticationType`                 | The authentication type that was used to perform authentication of the cardholder.  |
| `authenticationValue`                | The authentication value that was used to perform authentication of the cardholder. |


API Reference: `GET /digitization/tokenize`

For more information about this functionality, refer to [GLB 11690.1](https://trc-techresource.mastercard.com/r/bundle/m_an11690_en-us/page/d/en-US/pql1747077707799.html)

## Customer Impact {#customer-impact}

Change is mandatory for cards issued in India.

To maintain backward compatibility for existing customers tokenizing India issued cards, MDES will continue to accept tokenization requests with optional cardholder consent data until March 31, 2026. Starting April 1, 2026, Token Requestors must provide the new object called `cardHolderConsentAndAuthenticationData` in the tokenization requests, for cards issued in India, in alignment with the RBI guidelines. Non-compliance will result in failed tokenization attempts.

For cards issued globally, this change is optional.